According to Microsoft’s Security Intelligence Report volume 11, zero-day vulnerabilities seem to be not a big issue for today’s users – less than 1 percent of exploits in the first half of 2011 can be blamed for distributing malware through zero-day vulnerabilities. However, it doesn’t mean users are safe from getting infected unexpectedly. SIRv11 reports that 99 percent of all attacks were caused by social engineering and AutoRun vulnerabilities.
Microsoft’s Security Intelligence Report, which is based on software vulnerabilities, exploits, malicious and potentially unwanted software, reveals that social-engineering techniques can be blamed for 45 percent of all malware distribution in the first half of 2011. In the meanwhile, more than a third of all malware was found to be spread through Win32/Autorun feature that is responsible for starting programs automatically as soon as external media is inserted into a PC.
To protect its customers, Microsoft took several steps such as releasing an automatic update for Windows XP and Windows Vista platforms which made the AutoRun feature more secure. However, users should also be concerned about their systems, so always have updated versions of anti-virus and anti-spyware programs installed to protect your machine against the most prevalent online threats.